Cisco IOS and IOS XE Software Multiple Remote Code Execution Vulnerabilities

Description:  The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP – Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. A successful exploit could allow the attacker to execute arbitrary code and obtain full control of the affected system or cause the affected system to reload.

Related CVE’s

  • CVE-2017-6736
  • CVE-2017-6737
  • CVE-2017-6738
  • CVE-2017-6739
  • CVE-2017-6740
  • CVE-2017-6741
  • CVE-2017-6742
  • CVE-2017-6743
  • CVE-2017-6744

Impact: An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Failed exploit attempts may result in a denial of service condition; this can result in the attacker gaining complete control of the affected system.

These issues are being tracked by Cisco Bug IDs-CSCve54313,CSCve57697,CSCve60276,CSCve60376,CSCve60402,CSCve60507,CSCve66540,CSCve66601,CSCve66658,CSCve78027,CSCve89865.

Mitigation: Updates are available. Please check specific vendor advisory for more information.

Reference URL’s: